Privacy Policy · Capitol Note

1. Who we are

Capitol Note is operated by FAR CNCPT LLC, a Wyoming limited liability company (“Capitol Note,” “we,” “us,” or “our”). This Privacy Policy describes how we handle information when you visit capitolnote.com, sign in to the web application, install our command line interface (the CLI), or connect Capitol Note to a Model Context Protocol (MCP) client such as Claude.ai, Claude Desktop, Claude Code, Cursor, or VS Code (collectively, the Service).

For questions about this policy or to exercise the rights described in Section 11, contact admin@farcncpt.com.

2. What this policy covers

This policy covers information we collect about you as a Capitol Note user. It also describes how we process the information youprovide about other people — for example, congressional staff, members, lobbying clients, and colleagues whose names appear in your meetings, notes, and contact records. The handling of that third-party information is governed by our agreement with you (the Terms of service) and by the representations you make when you upload it. See Section 7.

This policy does not cover websites or services we link to, including the websites of our subprocessors. Their privacy practices are governed by their own policies.

3. Information we collect

3.1 Account information

When you create an account we collect the email address and (optionally) display name you provide through our identity partner, Stack Auth (operated by Hexclave). Stack Auth issues a session cookie that we use to authenticate you on subsequent visits.

3.2 Onboarding profile

During onboarding we ask you to tell us about yourself and your firm. We store:

Your role (for example, Lobbyist, Government affairs, Counsel)
Your firm name and firm type
The policy issues you cover
Your default capture preference (typed or dictation)
Your notification preferences

3.3 Content you create

Capitol Note exists to store records you produce in your work. We collect and store:

People records (names, titles, offices, contact details you choose to log)
Meeting records (attendees, location, time, summary, notes)
Action items, free-form notes, and positions you record
Legislation you elect to track and any bill events you log
Client records (the names of clients your firm represents)

A substantial portion of this content describes other people. We process that information as a processor acting on your instructions; you are the controller. See Section 7.

3.4 Personal access tokens

When you generate a personal access token for use with the CLI, an MCP client, or a third-party connector, we display the plaintext token to you once and immediately store only its SHA-256 hash and a four-character prefix. We never store the plaintext server-side and cannot recover it. The hash is what we look up when your CLI or MCP client presents a Bearer token. If a token is lost, revoke it from Settings and generate a new one.

3.5 Usage and security telemetry

To operate the Service safely and prevent abuse we log, for each API request:

Your account ID (not your email or name)
The route called, HTTP method, and response status
Timestamp and request duration
Source IP and user-agent string
The token kind that authenticated the request (web session, CLI, MCP, connector)

We use these records to detect bot traffic, enforce rate limits, and audit unusual access patterns — for example, hundreds of identical sub-100 ms requests consistent with credential stuffing. We retain these telemetry rows for 90 days, after which they are pruned by a scheduled job.

3.6 AI usage records

When a capture is processed by an AI model on your behalf, we record the model name, input and output token counts, computed cost, the resolved key source (managed or BYOK— see Section 5), and the grant under which the call was billed, if any. We do notstore the prompt or the model’s response in this telemetry table; the structured result of the capture is stored as ordinary content under your account.

4. How we use information

To operate the Service. Show you your records, run searches, log meetings, generate briefs.
To process captures with AI. Convert the transcript you submit into structured records (see Section 5).
To secure the Service. Rate-limit requests, detect abuse, investigate suspicious activity, enforce monthly token budgets on admin-managed AI grants.
To communicate. Send you transactional email about your account (sign-in alerts, security notices, billing if applicable). We do not currently send marketing email.
To comply with law. Respond to lawful requests, exercise legal rights, defend claims.

We do notsell your information. We do not use your content to train AI models — ours or anyone else’s.

5. AI processing in detail

5.1 No audio recording today

Despite the “voice-first” framing in our marketing, the current version of the Service does not record or transmit audio. When you use the web capture surface, you either type a transcript or your device performs speech-to-text locally (using the browser or operating system). Capitol Note only ever receives the resulting text. We will update this policy and notify you before that changes.

5.2 How AI calls are billed

Captures and other AI-assisted features call an AI provider (today, Anthropic, PBC, for Claude). Each call resolves to one of two key sources:

Managed.An administrator has granted you access to the platform’s Anthropic API key, subject to a monthly token budget. Your transcript is sent to Anthropic under our key; usage is metered against the grant.
BYOK (bring your own key).You connect a personal Anthropic API key in Settings. The key is held in your browser’s local storage and is never persisted to our server; the browser passes it inline with the request. Your transcript is sent to Anthropic under your key, billed directly to your Anthropic account.

5.3 What Anthropic sees

Anthropic receives the transcript you submit and a small set of system-prompt instructions describing the task. Anthropic’s handling of that data is governed by Anthropic’s own Commercial Terms of Service and privacy commitments, which provide (as of the effective date above) that customer data submitted via the API is not used to train Anthropic’s models. We do not direct Anthropic to retain the data longer than necessary to return a response. We have no control over Anthropic’s internal log retention; consult Anthropic’s privacy policy for current terms.

6. Cookies and similar technologies

We use a small number of strictly functional cookies and similar technologies:

An authentication cookie set by Stack Auth, so you stay signed in.
A small amount of local storage in your browser to remember your theme, accent color, and (if you set one) your BYOK API key.

We do not use advertising cookies. We do not embed third-party tracking pixels. We do not load analytics that fingerprint you across sites.

7. Information you record about other people

The single most important section of this policy. Capitol Note is a CRM for lobbying work. By design, it holds notes about people who are not Capitol Note users — congressional staff, members of Congress, agency officials, colleagues, and your firm’s clients.

With respect to that information:

You are the controller, we are the processor. You decide what to record, how to use it, and when to delete it. We process it on your instructions to provide the Service.
You represent that you have a lawful basisto record the information — including any applicable obligations under the Lobbying Disclosure Act, House and Senate ethics rules, your firm’s document retention policy, or other professional rules that apply to your work. See the Terms of service for the operative representations.
We do not contact the people you record on the basis of records held in your account. We do not market to them, profile them, sell their data, or disclose your records to them, except where Section 8 requires us to.
We do not aggregate across tenants. Postgres row-level security is enforced on every tenant table; your records are not visible to other users or other firms.

If you are an individual whose information appears in a Capitol Note customer’s records and you want it removed or corrected, please contact the customer directly. If you cannot identify the customer, contact us at admin@farcncpt.com and we will make a reasonable effort to identify the relevant account and forward your request.

8. How we share information

We share information only as needed to operate the Service, with the categories of recipients below.

8.1 Subprocessors

The Service depends on a small number of operational vendors (subprocessors). As of the effective date above, they are:

Anthropic, PBC. AI model inference. Receives the transcripts and other content you submit for AI processing (see Section 5).
Neon, Inc. Managed Postgres hosting. Stores all account, content, and telemetry data. Data is hosted in the United States.
Stack Auth (operated by Hexclave). Identity and session management. Receives your email and the metadata required to authenticate you.
Vercel, Inc. Application hosting, build pipeline, edge delivery, and request logs. Vercel does not have access to the contents of your records but sees request metadata (URL, status, IP, user-agent).

We will post material changes to this list at least 30 days before they take effect.

8.2 Legal compulsion

We may disclose information when required by valid legal process (subpoena, court order, search warrant). Where we are legally permitted to do so, we will notify the affected account holder before disclosure so you have an opportunity to seek a protective order or other relief.

8.3 Successor entity

If FAR CNCPT LLC is acquired, merged, reorganized, or sells substantially all of its assets, your information may be transferred to the successor entity, subject to the same protections as this policy.

8.4 At your direction

When you connect Capitol Note to an MCP client (Claude.ai, Claude Desktop, Cursor, and so on) using a personal access token, the client receives the data it requests through the connector. You control which clients receive a token.

9. Data isolation and security

Row-level security. Postgres row-level security is forced on every tenant table. Application queries scope to your account ID via a per-transaction session variable. Cross-tenant reads fail at the database level, not the application level.
Token storage. Personal access tokens are stored only as SHA-256 hashes. The plaintext is displayed once at creation and never again.
Encryption in transit. All connections use HTTPS / TLS.
Encryption at rest. The Neon Postgres tier we use applies disk-level encryption.
Rate limiting and abuse analysis.Per-route sliding-window rate limits and a request cadence analysis (looking at sub-100 ms cycles and sustained burst patterns) are in place to protect the Service.
Beta caveat. The Service is in beta. While we take security seriously, beta software carries higher risk of defects than mature software. Do not record information in Capitol Note that you cannot afford to be lost, leaked, or wrong. See Section 4 of the Terms of service.

10. Data retention

Active account data and content: retained until you delete the specific record or close your account.
Account closure: on account deletion, all records linked to your account ID are deleted via cascading foreign keys. We aim to complete deletion within 30 days of your request.
Security and rate-limit telemetry: 90 days, then pruned automatically.
AI usage records: retained for the lifetime of the account so you and the platform administrator can review historical token consumption.
Backups: we may retain encrypted backups for up to 35 days after deletion before they cycle out of the rolling backup window. Deleted data is never restored to the live database except in the case of a verified disaster recovery event.

11. Your rights

Depending on where you live (including under the California Consumer Privacy Act and the EU/UK General Data Protection Regulation, where applicable), you may have the right to:

Request a copy of the personal information we hold about you
Request correction of inaccurate personal information
Request deletion of your personal information
Object to or restrict certain processing
Request portability of the information you provided
Withdraw consent you previously gave
Lodge a complaint with a supervisory authority

To exercise any of these rights, email admin@farcncpt.com from the address associated with your account. We will respond within 30 days. We do not charge a fee for reasonable requests.

If the data in question concerns a third party recorded in a customer’s account (rather than the customer themselves), see Section 7.

12. Children

The Service is intended for adult professional use and is not directed to children under 18. We do not knowingly collect information from anyone under 18. If you believe a child has provided us with personal information, contact us and we will delete it.

13. International users

We operate the Service from the United States and host data with US-based subprocessors. If you access the Service from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

14. Changes to this policy

We will update this policy from time to time. The effective date at the top of the page reflects the most recent material change. We will notify account holders of material changes by email at least 14 days before they take effect, and the prior version will remain available on request.

15. Contact

FAR CNCPT LLC
Attn: Privacy — Capitol Note
admin@farcncpt.com